Contact Information

JUDGE TOSSES EVIDENCE GATHERED BY FBI’S TOR EXPLOIT

posted Jun 1, 2016, 9:44 AM by Resty Manapat

The FBI’s refusal to share details about a network
investigative technique it used to gather evidence against a Vancouver teacher
charged with possession of child pornography has forced a federal judge’s hand
to exclude the evidence from trial.

The NIT used by the FBI to hack the Playpen website is
believed to have de-anonymized users visiting the site who were using the Tor
browser.

Judge Robert J. Bryan, a U.S. District Judge, on
Wednesday granted defendant Jay Michaud’s motion to exclude the evidence.

“For the reasons stated orally on the record, evidence of
the N.I.T., the search warrant issued based on the N.I.T., and the fruits of
that warrant should be excluded and should not be offered in evidence at
trial,” Bryan wrote.

Michaud, a 62-year-old teacher, was arrested last July in
Seattle and was charged with possession of child pornography he allegedly
downloaded from a dark web site called Playpen. The Washington Post reported
that FBI seized the site’s servers and in February 2015 launched the exploit on
the site leading to charges against 137 people. On Feb. 17, 2016, Michaud’s
defense team was granted a motion compelling the government to produce evidence
related to the network investigative technique (NIT) it deployed.

Michaud’s defense team filed a new motion seeking the
evidence be tossed after several requests in discovery to see the exploit and
learn more about how it worked were rebuffed by the FBI.

The defense wrote in a motion filed May 9 that the FBI’s
use of its NIT against the site and Tor users exposed Michaud’s computer and
storage devices seized under the warrant to third-party attacks associated with
the distribution of child pornography. The defense suggests—and has computer
science and experts corroborating—that the NIT could have allowed third parties
to use Michaud’s computer to remotely transmit and store the illegal content.
The motion quotes Dr. Matthew Miller, a University of Nebraska computer science
professor:

“[w]ithout knowing what exploit was used by the FBI in
this case,” along with other discovery that the Court has ordered, it is not
possible to “determine whether the files [i.e. child pornography] that the
government says were located on various storage devices were put on those
devices by Mr. Michaud.”

The FBI’s exploit bypassed the anonymity protections
afforded by the Tor browser and gathered IP addresses, MAC addresses and other
system data from visitors to the site over a 13-day period. Mozilla had also
previously filed a motion asking the FBI to share its exploit so that the
vulnerability being attacked could be patched in the Firefox browser. The Tor
browser is partially built on Firefox code. The FBI argued that exposing the
exploit against Tor would not provide any insight as to how the FBI gathered data
on visitors to Playpen.

“Knowing how someone unlocked the front door provides no
information about what that person did after entering the house,” special agent
Daniel Alfin wrote, “Determining whether the government exceeded the scope of
the warrant thus requires an analysis of the NIT instructions delivered to
Michaud’s computer, not the method by which they were delivered.”

The defendant’s most recent motion argued that the FBI’s
refusal to hand over details on its exploit interferes with Michaud’s ability
to get a fair trial.

“The problem for the Government is that, even if all of
that were true, the situation in this case would remain the same: a choice
between deferring to the Government’s position that it will not or cannot
comply with the Court’s discovery order and upholding Mr. Michaud’s
constitutional rights to effective representation and a fair trial,” Michaud’s
attorneys wrote. “As detailed in the accompanying declarations, the discovery
ordered by the Court goes to the heart of Mr. Michaud’s defense. The Supreme
Court has already made plain that, in situations like this, a defendant’s
constitutional rights must prevail.”

Please consult an attorney for advice about your individual situation. This site and its information is not legal advice, nor is it intended to be. Feel free to get in touch by electronic mail, letters or phone calls, please withhold from sending any confidential information to us.